フィードアグリゲーター

Luca Ferrari: The role of a role within another role

planet postgresql - 2019-05-09(木) 09:00:00

A recursive title for a kind of recursive topic: what does really mean to have a role into another one? This article tries to figure out some basic knowledge about it.

The role of a role within another role

After reading the very excellent article by Hans-Jürgen Schönig about roles, I decided to provide my own vision about users, groups and the more abstract role concept.

The word role

First of all, the word role has little to do with PostgreSQL: it is a word used in the SQL standard, so don’t blame our favourite database for using the same word to express different concepts like user and group.

Roles: are they users or groups?

The wrong part of the question is or: roles are both users and groups. Period. A role is a stereotype, an abstraction for saying a collection of permissions to do some stuff. Now, often a collection of permission is granted to a user, and therefore a role smells like an user account, but in my opinion this is just a coincidence. And in fact, as in the best system administration tradition, when you have to assign a collection of permissions to more than one user you need a group; roles can therefore smell like a group.
Remember: roles are collection of permission, what makes they smell as a group or an user is just the way you use them. If you use a role for a single user, then it is fine to think the role as an user account. If you use the role for more than one user, then it is fine to think the role as a group.
Now, if you think this is trivial and simple, consider that a role can smell...

カテゴリー: postgresql

11.3

postgresql.org - 2019-05-09(木) 09:00:00
11.3 is the latest release in the 11 series.
カテゴリー: postgresql

10.8

postgresql.org - 2019-05-09(木) 09:00:00
10.8 is the latest release in the 10 series.
カテゴリー: postgresql

9.6.13

postgresql.org - 2019-05-09(木) 09:00:00
9.6.13 is the latest release in the 9.6 series.
カテゴリー: postgresql

9.5.17

postgresql.org - 2019-05-09(木) 09:00:00
9.5.17 is the latest release in the 9.5 series.
カテゴリー: postgresql

9.4.22

postgresql.org - 2019-05-09(木) 09:00:00
9.4.22 is the latest release in the 9.4 series.
カテゴリー: postgresql

Mathias Verraes: Patterns for Decoupling in Distributed Systems: Domain Query

phpdeveloper.org - 2019-05-09(木) 07:00:02

Domain Query

Replace Free Queries with Domain Queries to decouple from knowledge of the server’s internals.

Problem

The word query is usually associated with database queries. There are however other ways we can query a system that we don’t perceive as a database. REST and GraphQL...

カテゴリー: php

Nasamuffin’s Geocities Page: Read-Writable Regular Expressions

phpdeveloper.org - 2019-05-09(木) 07:00:02

Regex is great, right? It’s concise, it’s precise, and the process of developing an expression that works just right is a hell of a lot of fun. Until you submit a patch to your coworkers with your beautiful expression, and they leave you comments like,

“How does this regex work?...

カテゴリー: php

Voices of the ElePHPant: Interview with Matthew Weier O’Phinney

phpdeveloper.org - 2019-05-09(木) 07:00:01

@mwop

Show Notes The Linux Foundation forms new Laminas project to support continued growth of Zend Framework and PHP tooling From Zend to Laminas Laminas Swoole – Production-Grade Async programming Framework for PHP

Audio

This episode is sponsored by...

カテゴリー: php

symfony Project Blog: SymfonyLive London 2019: meet the first selected speakers!

phpdeveloper.org - 2019-05-09(木) 07:00:01

SymfonyLive London 2019 is coming on September 12th and 13th. This year, we organize the 8th edition of the conference! Join us at the only Symfony conference in the UK for 2 days of Symfony downtown London:

Pre-conference workshop day on September 12th. Workshops topics will be announced soo...

カテゴリー: php

Tomáš Votruba Blog: End of goPhp71.org

phpdeveloper.org - 2019-05-09(木) 07:00:01

I launched goPhp71.org in June 2017, just 6 months after release of PHP 7.1. In those times nobody was sure what version to require - 7.1? 7.0? Or wait for 7.2?

Future is now. There is no need for the initiative now and it's time to let it go.

How much did it cost? What was the effect? ...

カテゴリー: php

Laravel News: Laravel 5.8.16 Adds New Migration Events

phpdeveloper.org - 2019-05-09(木) 07:00:01
The Laravel team released Laravel v5.8.16 yesterday with new migration events and adds the ‘Renderable’ contract to the MailMessage class. Visit Laravel News for the full post. The post Laravel 5.8.16 Adds New Migration ...
カテゴリー: php

phpday 2019

php.net - 2019-05-08(水) 16:28:01
カテゴリー: php

Hans-Juergen Schoenig: PostgreSQL: Using CREATE USER with caution

planet postgresql - 2019-05-08(水) 15:45:45

PostgreSQL offers powerful means to manage users / roles and enables administrators to implement everything from simple to really complex security concepts. However, if the PostgreSQL security machinery is not used wisely, things might become a bit rough.

This fairly short post will try to shed some light on to this topic.

The golden rule: Distinguish between users and roles

The most important thing you got to remember is the following: You cannot drop a user unless there are no more permissions, objects, policies, tablespaces, and so on are assigned to it. Here is an example:

test=# CREATE TABLE a (aid int); CREATE TABLE test=# CREATE USER joe; CREATE ROLE test=# GRANT SELECT ON a TO joe; GRANT

As you can see “joe” has a single permission and there is already no way to kill the user without revoking the permission first:

test=# DROP USER joe; ERROR: role "joe" cannot be dropped because some objects depend on it DETAIL: privileges for table a

Note that there is not such thing as “DROP USER … CASCADE” – it does not exist. The reason for that is that users are created at the instance level. A user can therefore have rights in potentially dozens of PostgreSQL databases. If you drop a user you cannot just blindly remove objects from other databases. It is therefore necessary to revoke all permissions first before a user can be removed. That can be a real issue if your deployments grow in size.

Using roles to abstract tasks

One thing we have seen over the years is: Tasks tend to exist longer than staff. Even after hiring and firing cleaning staff for your office 5 times the task is still the same: Somebody is going to clean your office twice a week. It can therefore make sense to abstract the tasks performed by “cleaning_staff” in a role, which is then assigned to individual people.

How can one implement this kind of abstraction?

test=# CREATE ROLE cleaning_staff NOLOGIN; CREATE ROLE test=# GRANT SELECT ON a TO cleaning_staff; GRANT test=# GRANT cleaning_staff TO joe; GRANT ROLE

First we create a role called “cl

[...]
カテゴリー: postgresql

Interview with Michael Moussa

planet PHP - 2019-05-08(水) 07:38:00
カテゴリー: php

Andreas Scherbaum: Google Summer of Code 2019 - PostgreSQL participates with 5 projects

planet postgresql - 2019-05-08(水) 05:24:00

Andreas 'ads' Scherbaum

For the 13th year, the PostgreSQL Project is participating in Google Summer of Code (GSoC). This project is a great opportunity to let students learn about Open Source projects, and help them deliver new features. It is also a chance to engage the students beyond just one summer, and grow them into active contributors.

In GSoC, students first learn about the Open Source organization, and either pick a summer project from the list provided by the org, or submit their own idea for review. After a “community bonding” period, the students have time to implement their idea, under supervision of mentors from the Open Source organization. There is also an incentive: first, Google pays the students for their work on improving Open Source projects. And second, having a completed GSoC project in a CV is well recognized.

Continue reading "Google Summer of Code 2019 - PostgreSQL participates with 5 projects"
カテゴリー: postgresql

424 Failed Dependency

planet PHP - 2019-05-08(水) 00:00:00

The 424 Failed Dependency status-code does not appear in the base HTTP specification, but is part of WebDAV specification, which is an extension to HTTP.

WebDAV has a concept of ‘properties’ that are associated with resources. They are a little bit like extended file attributes, which is a feature on many modern filesystems

WebDAV uses the PROPPATCH HTTP method to update these. Many can be updated in 1 single HTTP request.

Generally HTTP requests are ‘all or nothing’. In other words, they should either completely succeed or completely fail.

WebDAV uses HTTP status codes in response bodies to indicate if a property update was successful or not. If a PROPPATCH was issued, and one property update failed (with for example 403 Forbidden) then automatically every other property update will also fail with 424 Failed Dependency.

424 Failed Dependency will therefore never appear on a HTTP response status line, and only ever in HTTP response bodies that have a 207 Multi-Status response code.

Example PROPPATCH /folder HTTP/1.1 Host: www.example.org Content-Type: application/xml <?xml version="1.0"?> <d:propertyupdate xmlns:d="DAV:"> <d:set> <d:prop> <d:getcontentlength>1</d:getcontentlength> <d:displayname>Evert</d:displayname> </d:prop> </d:set> </d:propertyupdate>

Response:

HTTP/1.1 207 Multi-Status Content-Type: application/xml Content-Length: xxxx <?xml version="1.0"?> <d:multistatus xmlns:d="DAV:"> <d:response> <d:href>/folders</d:href> <d:propstat> <d:prop><d:displayname/></d:prop> <d:status>HTTP/1.1 424 Failed Dependency</d:status> </d:propstat> <d:propstat> <d:prop><d:getcontentlength /></d:prop> <d:status>HTTP/1.1 403 Forbidden</d:status> </d:propstat> </d:response> </d:multistatus>

The above response indicates that getcontentlength was not allowed to be updated, and this caused the update to displayname to fail with 424.

Usage on the web

This HTTP status code should probably not be used outside of WebDAV

References
カテゴリー: php

Voices of the ElePHPant: Interview with Mario Peshev

phpdeveloper.org - 2019-05-07(火) 23:30:02

@no_fear_inc

Show Notes 126 Steps to Becoming a Successful Entrepreneur: The Entrepreneurship Fad and the Dark Side of Going Solo

Audio

This episode is sponsored by

The post Interview with Mario Peshev appeared first on Voices of the ElePHPant.

カテゴリー: php

PHP Town Hall: Episode 64: Symfony Round Up

phpdeveloper.org - 2019-05-07(火) 23:30:02

Matt Trask and Amanda Folson are joined by Ryan Weaver to take a look at the landscape of the Symfony Ecosystem.

They discuss a few new packages from the Symfony team such as Mailer, HTTP Interface, API Platform as well as discussing the EU’s funding of a 48 hour hackathon that Ryan woke up ...

カテゴリー: php

symfony Project Blog: New in Symfony 4.3: Mime component

phpdeveloper.org - 2019-05-07(火) 23:30:02
Contributed by Fabien Potencier in #30416.

Symfony provides more than 60 decoupled components to solve common needs of web and console applications. New Symfony versions usually introduce new com...

カテゴリー: php

ページ